Re: [Openvpn-users] --learn-address don't provide IP for dev tap?

  Subject: Re: [Openvpn-users] --learn-address don't provide IP for dev tap?
  From: Mathias Sundman
  Date: Thu, 16 Dec 2004 06:49:57 +0100 (CET)

On Wed, 15 Dec 2004, Didier Conchaudron wrote:

> The problem is that, in my understanding, I do have to know client IP in tun mode, eq "ifconfig server_ip client_ip". I can't use that way because I can't know the ip address of the incoming clients. I'm not doing pptp.
>
> So my question could be this one: How to use tun mode in order to be able to get several clients without knowing their ip address?
>
> I cc my server config, then you can help me to modify it using tun ;-)

NoNo... You have misunderstood the --ifconfig option in server mode. This only creates a P-t-p used for OpenVPN to communicate with the server host operating system internally. Then --ifconfig-pool is used to assign a /30 subnet to each client.

You never need to know the clients IP address in advance, neither with --dev tun or --dev tap.

Here's a modified version of your config for use with --dev tun.

dev tun

port 443
proto tcp-server

user nobody
group nobody

dh dh1024.pem

ca /root/CA/ca.crt
cert /root/CA/certs/server.crt
key /root/CA/private/server.key

crl-verify /root/CA/crl/crl.pem

tls-verify /root/openvpn/x509-verify.pl
auth-user-pass-verify /root/openvpn/user-pass.sh via-env
learn-address /root/openvpn/firewall.pl

status-version 1
status /root/openvpn/sessions-status.log 4

verb 3

mode server
push "route"
push "redirect-gateway"
push "ip-win32 dynamic"
push "dhcp-option DNS x.x.x.x"
push "dhcp-option DNS y.y.y.y"
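
Added example (not part of the original message, and not the poster's firewall.pl): OpenVPN calls the --learn-address script with an operation (add, update or delete), the learned address and, for add and update, the client's common name. With --dev tap the address is an Ethernet MAC, with --dev tun an IP address or subnet, so a firewall hook has to classify and validate it before building any rule. The ipset name, the common-name pattern and the use of ipset are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Constructed --learn-address hook: validate OpenVPN's arguments before acting."""
import ipaddress
import re
import sys

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
CN_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")  # assumed policy for common names
SET_NAME = "vpn_clients"  # hypothetical ipset of type hash:net


def classify(address):
    """Return ('mac' | 'ip' | 'subnet', normalised value); ValueError if neither."""
    if MAC_RE.fullmatch(address):
        return "mac", address.lower()
    if "/" in address:
        return "subnet", str(ipaddress.ip_network(address, strict=False))
    return "ip", str(ipaddress.ip_address(address))


def plan(argv):
    """Turn (operation, address, [common name]) into an ipset command line.

    Returns None when OpenVPN learned a MAC address (--dev tap), because no
    IP-based rule can be derived from it.
    """
    if len(argv) < 2 or argv[0] not in ("add", "update", "delete"):
        raise ValueError("unexpected learn-address arguments")
    op, address = argv[0], argv[1]
    kind, value = classify(address)
    # The common name is only passed for add and update.
    if op != "delete" and (len(argv) < 3 or not CN_RE.fullmatch(argv[2])):
        raise ValueError("missing or malformed common name")
    if kind == "mac":
        return None
    # -exist makes add/del idempotent, so "update" can reuse "add".
    verb = "del" if op == "delete" else "add"
    return ["ipset", "-exist", verb, SET_NAME, value]


if __name__ == "__main__":
    try:
        cmd = plan(sys.argv[1:])
    except ValueError as exc:
        print("learn-address rejected: %s" % exc, file=sys.stderr)
        sys.exit(1)  # non-zero exit reports the failure to OpenVPN
    # Printed rather than executed; run the list with subprocess (no shell) to apply it.
    print("MAC learned, no IP rule" if cmd is None else " ".join(cmd))
```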

